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Amendmenfy the aaiins; 

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims! 



1 . (Origiaal) In an operating system on a computing system wherein 
requests are in tiie fonn of encapsulated information, a method for controlling access to actions 
and objects within the computing system* said computing system providing facilities for the 
instantiation of said objects and performance of said actions, said method comprising: 

configuriag selected domains on said computing system as configured domains, 
each one of said configured domains comprising a higher-order multidimensional domain space, 
for segregating system operational functionality according to defined operational boundaries, 
said operational boundaries defined by m^ing attributes of the requests into individual 
domains; 

providing a master daemon, said master daemon selecting said configured 
domains by utilising said attributes of the requests; 

causing said master daemon to respond to selected ones of said requests to 
perform at least one of the following actions on said computing system: 

instantiating on said operating system at least one subordinate daemon; 

instantiating on said operating system at least one subordinate process; 

instantiating on said operating system at least one subordinate thread; 

performing at least one other defmed action; 

wherein said subordinate daemons, said subordinate processes, said sEubordinate 
threads, and said other defmed actions being constrained to operate within one of said configured 
domains at l^t as restrictive as the configured domain of said master daemon. 

2. (Original) • The method according to claim 1 , wherein said master 
daemon is fiirther operative to: 
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control functionality of all said instantiated subordinate daemons, subordinate 
processes^ subordinate threads and said defined actions on said operating system in said 
computer system. 

3, (Currently amended) In an operating system on a computing system 
according to claim 1 , wherein said master daemon is fUrther operative to: 

inter&ce with said computing system to maintain centralized and coordinated 
unconditional access to auditing subsystems of said operating system. 

4, (Original) The method according to claims 1-3 wherein said selected 
domains are further defined by at least one of a security label, a set of security labels, a lattice of 
security labels, a group of security labels, a range of security labels, a combination of collections 
of security labels, and other defined constructs. 

5, (Original) In an operating system on a computing system connected to 
a network of computing systems wherein requests are in the form of encapsulated information, a 
method for controlling access to actions and objects within any of the computing systems, said 
computing systems providing facilities for the remote instantiation of said objects and 
perfonnance of said actions, said method comprising; 

configuring selected domains on at least one of said computing systems as 
configured domains, each one of said configured domains comprising a higher-order 
multidimensional domain space for segregating system operational functionality according to 
defined operational boundaries, said operational boxmdaries defined by mapping attributes of tlie 
requests into individual operating domains; 

providing a master daemon, said master daemon selectmg said configured 
domains by utilizing said attributes of the requests; 

causing said master daemon to respond to selected ones of said requests to 
perform at least one of the following actions on at least one of said computing systems: 

instantiating at least one daemon; 

instantiating at least one subordinate daemon; 
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instantiating at least one process; 
instantiating at least one subordinate process; 
instantiating at least one subonlinate thread; 
performing at least one other defined action; 

wh^in said daemons^ said subordinate daemons, said processes, said subordinate 
processes, said subordinate threads, and said other defined actions being constrained to operate 
within one of said configured domains at least as restrictive as the configured domain of said 
master daemon. 

6. (Original) The method according to claim 5 wherein at least one of 
said contpnting systems is local to said master daemon, 

7. (Original) The method according to claim 6 wherein at least one of 
said computing systems is on said network and is remote from said master daemon. 

8. (Original) The method according to claim S wherein at least one of 
said computing systems is on said netwoik and is remote from said master daemon. 

9. (Original) The method according to claim 8 further including the step 

of: 

causing said master daemon to respond to selected ones of said requests to 
perform a defined acdon on said remote computing system. 

1 0. (Original) The method according to claim 9, wherein said master 
daemon is further operative to: 

control functionality of all said instantiated daemons, subordinate daemons, 
processes, subordinate processes, subordinate threads and said defined actions on selected ones 
of said operating systems on computer systems connected to said network 
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1 1 . (Currently amended) In an operating system on a computing system 



connected to a network of computing systems according to claim 10, wherein said master 
daemon is furdier operative to: 

inter&cc with said local computing system and said remote computing systems to 
maintain centralized and coordinated imconditional access to auditing subsystems of said 
computing systems connected to said network of computing systems. 



domains are fturther defined by at least one of a security label, a set of security labels, a lattice of 
security labels, a group of security labels, a range of security labels, a combination of collections 
of security labels, and other defined constructs. 



12. (Original) 



The method according to claims 5-11 wherein said selected 
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